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CLAIMS 

1. In a system for formalizing, diffusing, and enforcing policy advisories and for 
monitoring policy compliance in the management of the networks of computational 

5 devices, said system comprising a plurality of distributed clients, each of which runs on a 
corresponding networked computational device, an apparatus comprising: 

an enterprise console comprising a centrally managed advisory diffusion 
mechanism and a protocol for diffusing said advisories across said network; 

a plurality of advisories specifying relevance criteria and an action, at least one 
1 0 advisory describing a problem that has been discovered on a client; 

wherein said distributed clients gather said advisories and process said 
advisories; and 

wherein said advisories formally target specific states of a computational device 
and formally specify actions to take in response thereto. 

15 

2. The apparatus of Claim 1 , said system further comprising: 

a central server coupled to a central database, said central server storing data h 
and retrieving data from said central database. 

20 3. The apparatus of Claim 2, wherein each of said distributed clients determines 
relevance of an advice message by evaluating a relevance clause of said advice 
message, while automatically retrieving properties of a computational device on which 
said client runs. 

25 4. The apparatus of Claim 3, wherein said relevance clause is written in a formal 
descriptive language; and wherein said advisory comprises a short, clear explanation of 
said problem. 
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5. The apparatus of Claim 4, further comprising: 

means for adding, modifying, or canceling a subscription of a distributed client to 
one or more advice provider sites. 

5 6. The apparatus of Claim 5, further comprising: 

means for selecting a group of computational devices, specifying action 
messages, scheduling, and controlling execution when deploying actions proposed by 
relevant advice messages. 

1 0 7. The apparatus of Claim 6, further comprising: 

means for securely deploying actions of relevant advice messages to a selected 
group of said distributed clients. 

8. The apparatus of Claim 7, further comprising: 

1 5 means for monitoring status of deployed actions. 

9. The apparatus of Claim 8, further comprising: 

means for stopping previously deployed actions which have not finished running. 

20 1 0. The apparatus of Claim 9, further comprising: 

means for monitoring status of each computational device while actions are being 
deployed and executed. 

1 1 . The apparatus of Claim 1 0, wherein said means for monitoring allows said system 
25 administrator to define and retrieve customized properties of computational devices 

using a formal descriptive language. 

12. An enterprise management apparatus, comprising: 
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a centrally managed advisory diffusion server for gathering advisories from an 
advisory site, wherein said advisories comprise relevance criteria and an action, and 
wherein said advisories identify relevant computers on a network and allow authorized 
personnel to monitor, modify, and maintain said computers across any subset of said 
5 network; 

a console in communication with said server for displaying any of changes and 
new knowledge about said network; and 

a plurality of clients associated with said network, each client processing said 
advisories based upon a relevance determination, inspecting an associated computer, 
1 0 and reporting any relevance determination and actions to said server 



13. The apparatus of Claim 12, further comprising: 

a plurality of relays for relaying said advisories to said clients and for receiving 
related data from said client to forward to said server. 

14. The apparatus of Claim 12, said console further comprising: 

means for a console operator to target patches or other fixes to appropriate 
computers when vulnerabilities are discovered. 



20 1 5. The apparatus of Claim 14, said console further comprising: 

means for following progress of said patches or fixes in near real-time as they 
spread to all relevant computers and, one by one, eliminate bugs and vulnerabilities for 
affected computers across said network. 



25 16. The apparatus of Claim 12, further comprising: 

means for keeping a running history of any and all remedial actions taken with 
regard to said computers. 
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1 7. The console of Claim 1 2, further comprising: 
means for providing a detailed audit trail for every action and every maintained 

computer on said network. 

18. In a network comprising a plurality of managed computers, an enterprise 
management apparatus, comprising: 

a console for providing a system-wide view of said managed computers, along 
with specific characteristics thereof and associated actions, and for distributing information 
only to those computers for which said information is relevant; 

a client associated with each managed computer for accessing a collection of 
messages comprising said information and that identify relevant computer characteristics, 
wherein if said characteristics are identified, said client implements associated actions 
received from said console; and 

a server for coordinating information flow to and from individual clients and for 
storing results in a database. 

19. The apparatus of Claim 18, further comprising: 
a relay for offloading said server, wherein a plurality of clients point to a relay for 

downloads, which in turn makes only a single request of said server. 
20 

20. The apparatus of Claim 19, wherein a plurality of interaccessible relays are 
provided. 

21 . The apparatus of Claim 1 8, further comprising: 

25 a report module for maintaining an audit trail of all console activity on said network. 

22. The apparatus of Claim 1 8, further comprising: 

a filter panel for providing a set of folders that contains specific field values to 
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focus console activity. 

23. The apparatus of Claim 18, wherein each message describes a problem that has 
been discovered on a client, and a short, clear explanation of said problem. 

5 

24. The apparatus of Claim 18, further comprising: 

a human-readable relevance language for said messages that provides 
expressions for querying an exhaustive set of computer properties to target actions 
only to those computers matching predetermined relevance criteria. 

10 

25. In a system for formalizing, diffusing, and enforcing policy advisories and for 
monitoring policy compliance in the management of the networks of computational 
devices, said system comprising a plurality of distributed clients, each of which runs on a 
corresponding networked computational device, and a server for coordinating information 

1 5 flow to and from individual clients, an apparatus comprising: 

at least one relay for offloading a download burden from said server, wherein said 
clients download from a designated relay; 

wherein said server distributes each advisory once to said relay, which in turn 
distributes said advisory to said clients; and 
20 overhead on said server is reduced by a ratio of relays to clients. 

26. The apparatus of Claim 25, wherein for each client in said network, both a primary 
and a secondary relay are specified. 

25 27. The apparatus of Claim 26, wherein each client first attempts to download from its 
primary relay; and wherein if said primary relay is unavailable for a client, said client can 
download from said secondary relay. 
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28. The apparatus of Claim 26, wherein if said primary relay fails, said secondary 
becomes a primary relay. 

29. The apparatus of Claim 28, wherein if said secondary also fails, said client 
5 automatically downloads directly from said server. 

30. In a system for formalizing, diffusing, and enforcing policy advisories and for 
monitoring policy compliance in the management of the networks of computational 
devices, said system comprising a plurality of distributed clients, each of which runs on a 

1 0 corresponding networked computational device, a method comprising the steps of: 

providing a centrally managed advisory diffusion mechanism and a protocol for 
diffusing said advisories across said network; 

providing a plurality of advisories specifying relevance criteria and an action, at 
least one advisory describing a problem that has been discovered on a client, said 
1 5 advisory comprising a short, clear explanation of said problem; 

wherein said distributed clients gather said advisories and process said 
advisories; and 

wherein said advisories formally target specific states of a computational device 
and formally specify actions to take in response thereto. 

20 

31 . The method of Claim 30, further comprising the step of: 

providing a central server coupled to a central database, said central server 
storing data in and retrieving data from said central database. 

25 32. The method of Claim 31 , further comprising the step of: 

each of said distributed clients determining relevance of an advice message b y 
evaluating a relevance clause of said advice message, while automatically retrieving 
properties of a computational device on which said client runs. 
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33. The method of Claim 32, wherein said relevance clause is written in a formal 
descriptive language. 

5 34. The method of Claim 33, further comprising the step of: 

any of adding, modifying, and canceling a subscription of a distributed client to 
one or more advice provider sites. 

35. The method of Claim 34, further comprising the step of: 

10 selecting a group of computational devices, specifying action messages, 

scheduling, and controlling execution when deploying actions proposed by relevant 
advice messages. 

36. The method of Claim 35, further comprising the step of: 

15 securely deploying actions of relevant advice messages to a selected group of 

said distributed clients. 

37. The method of Claim 35, further comprising the step of: 

monitoring status of deployed actions. 

20 

38. The method of Claim 37, further comprising the step of: 

stopping previously deployed actions which have not finished running. 

39. The method of Claim 38, further comprising the step of: 

25 monitoring status of each computational device while actions are being deployed 

and executed. 
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40. The method of Claim 39, wherein said monitoring step allows said system 
administrator to define and retrieve customized properties of computational devices 
using a formal descriptive language. 

41 . An enterprise management method, comprising the steps of: 
gathering advisories from an advisory site with a centrally managed advisory 

diffusion server, wherein said advisories comprise relevance criteria and an action, and 
wherein said advisories identify relevant computers on a network and allow authorized 
personnel to monitor, modify, and maintain said computers across any subset of said 
network; 

displaying any of changes and new knowledge about said network with a 
console in communication with said server; and 

providing a plurality of clients associated with said network, each client processing 
said advisories based upon a relevance determination, inspecting an associated 
computer, and reporting any relevance determination and actions to said server 

42. The method of Claim 41 , further comprising the step of: 
relaying said advisories to said clients and receiving related data from said client 

to forward to said server with a plurality of relays. 
20 

43. The method of Claim 41 , said console further comprising the step of: 

a console operator to targeting patches or other fixes to appropriate computers 
when vulnerabilities are discovered. 

25 44. The method of Claim 43, said console further comprising the step of: 

following progress of said patches or fixes in near real-time as they spread to all 
relevant computers and, one by one, eliminate bugs and vulnerabilities for affected 
computers across said network. 
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45. The method of Claim 43, further comprising the step of: 

keeping a running history of any and all remedial actions taken with regard to said 
computers. 

5 

46. The method of Claim 43, further comprising the step of: 

providing a detailed audit trail for every action and every maintained computer on 
said network. 

1 0 47. An enterprise management method for a network comprising a plurality of managed 

computers, comprising the steps of: 

providing a system-wide view of said managed computers, along with specific 

characteristics thereof and associated actions, and for distributing information only to 

those computers for which said information is relevant; 
15 providing a client associated with each managed computer for accessing a 

collection of messages comprising said information and that identify relevant computer 

characteristics, wherein if said characteristics are identified, said client implements 

associated actions received from said console; and 

coordinating information flow to and from individual clients and for storing results in 
20 a database. 

48. The method of Claim 47, further comprising the step of: 

offloading said server with a relay, wherein a plurality of clients point to a relay for 
downloads, which in turn makes only a single request of said server. 

25 

49. The method of Claim 48, wherein a plurality of interaccessible relays are provided. 

50. The method of Claim 47, further comprising the step of: 
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maintaining an audit trail of all console activity on said network. 

51 . The method of Claim 47, further comprising the step of: 

providing a set of folders that contains specific field values to focus console 
5 activity. 

52. The method of Claim 47, wherein each message describes a problem that has 
been discovered on a client, and a short, clear explanation of said problem. 

1 0 53. The method of Claim 47, further comprising the step of: 

providing a human-readable relevance language for said messages that 
provides expressions for querying an exhaustive set of computer properties to target 
actions only to those computers matching predetermined relevance criteria. 

15 54. In a system for formalizing, diffusing, and enforcing policy advisories and for 
monitoring policy compliance in the management of the networks of computational 
devices, said system comprising a plurality of distributed clients, each of which runs on a 
corresponding networked computational device, and a server for coordinating information 
flow to and from individual clients, a method comprising the steps of: 

20 offloading a download burden from said server with a relay, wherein said clients 

download from a designated relay; 

said server distributing each advisory once to said relay, which in turn distributes 
said advisory to said clients; and 

reducing overhead on said server a ratio of relays to clients. 

25 

55. The method of Claim 54, wherein for each client in said network, both a primary and 
a secondary relay are specified. 
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56. The method of Claim 55, wherein each client first attempts to download from its 
primary relay; and wherein if said primary relay is unavailable for a client, said client can 
download from said secondary relay. 

5 57. The method of Claim 55, wherein if said primary relay fails, said secondary 
becomes a primary relay. 

58. The method of Claim 57, wherein if said secondary also fails, said client automatically 
downloads directly from said server. 

10 

59. In a system for formalizing, diffusing, and enforcing policy advisories and for 
monitoring policy compliance in the management of the networks of computational 
devices, said system comprising: a plurality of distributed clients, each of which runs on a 
corresponding networked computational device, a server for coordinating information 

1 5 flow to and from individual clients, and a plurality of relays, each of which aggregates and 
mediates communication between said distributed clients and said server, an apparatus 
comprising: 

means associated with each said client for evaluating a relevance clause identifying 
a file or group of files to upload to said server from the associated computational device; 
20 means associated with each said client for aggregating a file or group of files 

resident on a corresponding networked computational device into a file collection; 
wherein said relay offloads an upload burden from said server; and 
wherein said clients upload said file collection to said server via a designated relay; 

and 

25 means associated with each said client for distributing each file collection once to 

said relay, which in turn distributes said file collection to said server. 

60. The apparatus of Claim 59, said system further comprising: 
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a central server coupled to a repository of files, said server storing data in, and 
retrieving data from, said repository of files. 

61. The apparatus of Claim 59, wherein said client compresses said file collection to 
5 reduce said collection's data size. 

62. The apparatus of Claim 59, wherein said client distributes each file collection 
periodically to said relay, which in turn distributes said files to said server. 

10 63. The apparatus of Claim 59, wherein said client does not include files in a file 
collection that have not changed since a previous file collection continuing said files was 
uploaded. 

64. The apparatus of Claim 59, further comprising: 

15 means for limiting bandwidth consumed by said client during upload of said file 

collection to said relay. 

65. The apparatus of Claim 59, further comprising: 

means for limiting bandwidth consumed by said relay during upload of said file 
20 collection to said server. 

66. The apparatus of Claim 59, further comprising: 

means for resuming an interrupted upload of said file collection by said client to said 
relay at a point of interruption. 

25 

67. The apparatus of Claim 59, further comprising: 

means for resuming an interrupted upload of said file collection by said client to said 
relay at a point of interruption. 
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